When running php artisan serve, Laravel's development server defaults to binding only to 127.0.0.1, making it inaccessible externally. This is a security feature, not a bug. The command's actual behavior is equivalent to:
php artisan serve --host=127.0.0.1 --port=8000
While your Windows Firewall inbound rule for port 8000 is correct, that's only half the solution. The server itself needs to be configured to accept external connections. IIS acts as a reverse proxy in this scenario, but we need to make the Laravel server visible first.
To allow WWW access, explicitly bind to all network interfaces:
php artisan serve --host=0.0.0.0 --port=8000
The 0.0.0.0 IP address means "listen on all available network interfaces." After this change, verify with:
netstat -ano | findstr :8000
You should see entries with 0.0.0.0:8000 instead of 127.0.0.1:8000.
For production-like access through IIS, add this to your web.config:
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="ReverseProxyToLaravel" stopProcessing="true">
<match url="^(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Rewrite" url="http://localhost:8000/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
For production environments, consider these better alternatives:
- Set up Laravel with proper IIS FastCGI configuration
- Use Laravel Forge for automated server provisioning
- Dockerize your application with proper port mapping
Remember that artisan serve is strictly for development. Microsoft's documentation explicitly recommends against using it in production environments.
When running php artisan serve, Laravel's built-in development server binds to 127.0.0.1 by default, which means it only accepts connections from the local machine. This explains why your IIS inbound rule for port 8000 isn't working as expected.
// Default behavior (only localhost)
php artisan serve
// What we need (listen on all interfaces)
php artisan serve --host=0.0.0.0 --port=8000
After changing the Artisan serve command, you'll need to ensure proper firewall and IIS configuration:
- Run the Artisan server with external access enabled:
php artisan serve --host=0.0.0.0 --port=8000 - Create an IIS URL Rewrite rule in web.config:
<rule name="Laravel Artisan Proxy" stopProcessing="true"> <match url="^(.*)$" /> <conditions logicalGrouping="MatchAll"> <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" /> <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" /> </conditions> <action type="Rewrite" url="http://localhost:8000/{R:1}" /> </rule>
While the above solution works for development, consider these production-ready alternatives:
- Use IIS with PHP FastCGI:
// In IIS Handler Mappings Add Module Mapping: Request path: *.php Module: FastCgiModule Executable: "C:\php\php-cgi.exe" Name: PHP via FastCGI - Configure Laravel with IIS Native Support:
// In web.config <configuration> <system.webServer> <rewrite> <rules> <rule name="Laravel" patternSyntax="Wildcard"> <match url="*" /> <conditions> <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" /> </conditions> <action type="Rewrite" url="index.php" /> </rule> </rules> </rewrite> </system.webServer> </configuration>
If you're still facing problems, check these common pitfalls:
- Verify the Windows Firewall allows inbound TCP connections on port 8000
- Ensure no other services are using port 8000 (netstat -ano)
- Check that your IIS Application Pool has proper permissions
- Test with a simple PHP file first to isolate Laravel-specific issues
Remember that Artisan serve is not meant for production use. For public-facing applications:
- Always use HTTPS
- Implement proper authentication
- Consider using Laravel Forge or similar deployment tools
- Monitor resource usage and logs